CVE-2009-1961

Linux Kernel 2.6.x - 'splice' Double Lock Local Denial of Service

Severity Score

4.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

El código de doble bloqueo del inodo de fs/ocfs2/file.c del kernel de Linux v2.6.30 anterior a v2.6.30-rc3, v2.6.27 anterior a v2.6.27.24, v2.6.29 anterior a v2.6.29.4 y puede que otras versiones anteriores a v2.6.19; permite a usuarios locales provocar una denegación de servicio (prevención de creación y borrado de ficheros) a través de una serie de llamadas al sistema anidadas que provocan un bloqueo mutuo -deadlock- entre las funciones generic_file_splice_write, splice_from_pipe y ocfs2_file_splice_write.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-05-29 First Exploit
2009-06-06 CVE Reserved
2009-06-06 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-667: Improper Locking

CAPEC

References (23)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17	Broken Link
http://secunia.com/advisories/35390	Broken Link
http://secunia.com/advisories/35394	Broken Link
http://secunia.com/advisories/35656	Broken Link
http://secunia.com/advisories/35847	Broken Link
http://secunia.com/advisories/36051	Broken Link
http://securitytracker.com/id?1022307	Broken Link

URL	Date	SRC
https://www.exploit-db.com/exploits/33015	2009-05-29
http://www.openwall.com/lists/oss-security/2009/05/30/1	2024-08-07
http://www.openwall.com/lists/oss-security/2009/06/02/2	2024-08-07
http://www.openwall.com/lists/oss-security/2009/06/03/1	2024-08-07
http://www.securityfocus.com/bid/35143	2024-08-07

URL	Date	SRC
http://www.debian.org/security/2009/dsa-1844	2024-02-15
http://www.openwall.com/lists/oss-security/2009/05/29/2	2024-02-15

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html	2024-02-15
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html	2024-02-15
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html	2024-02-15
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135	2024-02-15
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148	2024-02-15
http://www.redhat.com/support/errata/RHSA-2009-1157.html	2024-02-15
http://www.ubuntu.com/usn/usn-793-1	2024-02-15
https://access.redhat.com/security/cve/CVE-2009-1961	2009-07-14
https://bugzilla.redhat.com/show_bug.cgi?id=503474	2009-07-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 2.6.19 Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.19"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.27 < 2.6.27.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.27 < 2.6.27.24"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 2.6.29.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 2.6.29.4"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30"		rc2		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				10.3 Search vendor "Opensuse" for product "Opensuse" and version "10.3"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				11.0 Search vendor "Suse" for product "Linux Enterprise" and version "11.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				11 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		-		Affected